Related

wordpress Twitter Feed is not displays on Digital ocean host Question Question
How can I fix this ERROR: Site wordpress does not exist! ? Question Question

Question

Configure OCSP Stapling on Apache

Posted August 23, 2016 7.9k views
UbuntuApacheWordPress

I’m trying to enable OCSP Stapling on my 000-default.conf file in Apache/2.4.7 (see support article) - when performing sudo apache2ctl configtest && sudo service apache2 restartcommand I get a syntax error.

I’m using SSLUseStapling on in my code.

Add a comment
kyler
By:
kyler
Add a comment
2 comments
  • ryanpq August 23, 2016
    Reply Report

    Can you share the content of your 000-default.conf file and the details of the syntax error that was displayed. With that information it’ll be much easier to help you identify the issue.

  • kyler August 23, 2016
    Reply Report

    000-default.conf

    <VirtualHost *:80>
        ServerName example.com
        Redirect permanent / example.com
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName example.com
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains;"
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLHonorCipherOrder On
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
        SSLCertificateFile /root/ssl/example.com.crt
        SSLCertificateKeyFile /root/example.com.key
        SSLCACertificateFile /root/ssl/intermediate.crt
        SSLUseStapling on

        <Directory /var/www/html/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

    Error messages:

    Action 'start' failed. The Apache error log may have more information.

    A few errors that I picked up on the Apache error log/var/log/apache2/access.log:

    [Tue Aug 23 10:58:31.630380 2016] [ssl:emerg] [pid 12152] AH01958: SSLStapling: no stapling cache available

[Tue Aug 23 10:58:31.630447 2016] [ssl:emerg] [pid 12152] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
kyler August 23, 2016

Turns out I just needed to specify the following SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help